Doing the Work

Guidelines to Iteratively Identify, Assess, and Prioritize Risks

It is important to identify and document the characteristics of risks that might affect the project so that
the project team can determine the most effective action to take for each risk. The project risks and
triggers identified will determine the type of risk analysis to be performed. To identify project risks and
triggers, follow these guidelines:

• Perform a structured review of appropriate documentation from other planning sources with
key project stakeholders to ensure an understanding of each. These documents are a valuable
source for risk identification, and they may include:
I. Project charter
II. WBS
III. Product description
IV. Schedule and cost estimates
V. The network diagram
VI. Estimates of duration
VII. Resource plan
VIII. Procurement plan
IX. List of constraints and assumptions
• Use one or more risk identification techniques to identify risks and their possible triggers.
Techniques may include:
I. Information-gathering techniques such as brainstorming, interviewing, and SWOT
analysis, among others.
II. Risk identification checklists (make every effort to itemize all types of possible risks to
the project on the checklist).
III. Assumptions analysis.
• Be consistent. Whatever method you adopt, apply it systematically across your project. Before
the project begins, identify risks in every project segment and work package. At the start of
each project milestone, segment, or phase, reexamine the risks for that segment. Update your
list of risks at the close of each project segment.
 • Apply your method consistently, but be on the lookout for special circumstances that might
arise in any project segment. Those checklists and templates are in place to help get the risk
identification process going, but they are far from complete. As the project progresses,
circumstances change. Be on the lookout for changed assumptions, new risks, or additional
impacts from previously identified risks.
• Consult relevant historical information such as risk response plans and final reports from
previous, similar projects that may include lessons learned describing problems and their
resolutions. Another source of historical information for risk identification is published
information such as commercial databases, academic studies, and benchmarking results.
• Once risks have been identified, group them into categories that reflect common sources of risk
for your industry or application area. Examine each identified risk to determine what triggers
will indicate that a risk occurred or is about to occur.
• Use the results of your analysis to initiate the risk register.
I. Consider implementing any risk-register software that may be in common usage at your
company. You can also create a risk register without specialized software by using a
spreadsheet or table.
II. Include the project's name, sponsor, key stakeholders, and objectives.
III. Identify the risks inherent in your project with a description of each.

Guidelines to Determine and Implement Risk Responses

Response strategies should be developed for each identified risk. The selected response strategies
should take advantage of opportunities and reduce the probability and/or impact of threats to project
objectives. To develop an effective risk response plan, follow these guidelines:

• Examine each identified risk to determine its causes and how it may affect project objectives.
Brainstorm possible strategies for each risk.
I. Identify which project stakeholders can be assigned responsibility of a risk. Involve those
people in your risk response planning.
II. Write down every idea mentioned regardless of feasibility or cost.
• Choose the response strategy that is most likely to be effective for each identified risk. Ensure
that the chosen risk response strategies are:
 I. Enough to bring the risk below the organization's threshold.
II. Appropriate to the severity of the risk.
III. Cost effective.
IV. Timely enough to be successful.
V. Realistic within the context of the project.
VI. Agreed to by all parties involved.
VII. Owned by a responsible person.
• If you are unable to bring a risk’s rating below the organization’s risk threshold, ask your sponsor
for help. Develop specific actions for implementing the chosen strategy.
• Identify backup strategies for risks with high risk factor scores.
• Determine the amount of contingency reserves necessary to deal with identified risks.
I. How much will your contingency plans cost?
II. How much time will your contingency plans add to the schedule?
• Consult the risk management plan for the description of the content and format of the risk
response plan. Include the following elements in your risk response plan:
I. A description of the identified risks along with the area of the project affected (that is,
the WBS element).
II. Risk owners and assigned responsibilities.
III. Qualitative and/or quantitative risk analysis results.
IV. Response strategies selected and the specific actions for implementing the strategies.
V. Level of residual risk expected to remain after the response strategies are implemented.
VI. Budget and schedule for responses.
VII. Contingency plans and fallback plans for all accepted risks with high impact.
• Incorporate the risk response plan into the overall project plan so the strategies can be
implemented and monitored. As the project processes through the life cycle, examine trends in
qualitive and quantitative analysis results that may guide your response strategies.
I. Use the following guidelines to implement risk responses:
II. Be aware of the appropriate and acceptable responses to risks.
III. When possible, take preventive actions before risks are realized.
IV. Review the risk management plan to verify the agreed upon responses.
V. Refer to the lessons-learned repository to leverage knowledge from other similar
projects.
 VI. Use your influencing skills to convince risk owners to take the necessary actions.
VII. Use a PMIS to capture, store, and distribute information about project risks.
VIII. Document any lessons learned in the lessons-learned register for future risk response
plans.

Guidelines to Measure Ongoing Progress

• Define value from the customer’s, business, and/or user’s perspective.

• Determine value expectations.
• Set targets and baselines on expectations.
• Determine metrics that communicate progress towards those value expectations.
• Select one or more means of collecting metric data that is not too cumbersome or time
consuming for the project team.
• Collect data at a regular interval.
• Present the data of the progress.
• Compare the progress with the baselines and expectations.
• Improve on success or correct areas where progress is not meeting expectations.

Guidelines to Effectively Manage Communication throughout the Project

To create an effective communications management plan, follow these guidelines:

• Gather and distribute contact information for all involved parties.

• Determine the communication needs of the project stakeholders.
I. Work from an organization chart to avoid omitting a key stakeholder.
II. Ask for your project sponsor's input.
III. Ask open-ended questions.
• As a rule of thumb, project team members require more detail on a more frequent basis. Senior
management typically requires summary information on a less frequent basis.
• Analyze the value to the project of providing the information.
• Evaluate any constraints and assumptions to determine their possible impact on communication
planning.
 • Determine the appropriate communication technologies to use for communicating project
information.
I. Determine the immediacy of the need for information.
II. Analyze the availability of technology systems.
III. Evaluate the expected project staff to identify their knowledge of and access to
proposed technology.
IV. Conduct research to determine the likelihood that there will be changes to the
proposed technology before the project is over.
• Make sure your communications management plan includes all key elements:
I. A description of the types of information required for each project stakeholder.
II. A collection and filing structure that describes the methods the project team will use to
collect and file project information.
III. A distribution structure describing to whom and by whom project information such as
status reports, data schedules, and meeting minutes, should be provided.
IV. The methods that will be used to distribute the various types of information.
V. How the team will gather, update, store, and disseminate its own institutional
knowledge.
VI. Schedules for the production of each type of communication.
VII. Methods for accessing information between scheduled communications.
VIII. How knowledge will be stored and transferred as needed throughout the project.
IX. A method for updating and refining the communications management plan throughout
the project life cycle.
• Integrate the communications management plan into the overall project plan.
• Distribute the plan to project stakeholders.

Guidelines to Develop, Execute, and Validate a Strategy for Stakeholder Engagement

Guidelines to developing, executing, and validating a strategy for stakeholder engagement are as
follows:

• Review the project management plan for information such as life cycle selected for the project,
description of how work will be executed, description of how resource requirements will be
 met, how changes will be monitored and controlled, and the need and techniques for
communication among stakeholders.
• Review the stakeholder register for information needed to plan appropriate ways to engage
among stakeholders.
• Review the organizational culture, structure, and political climate to help in determining the
best options to support a better adaptive process for engaging stakeholders.
• Review the lessons-learned database and historical information, as they provide insight on
previous stakeholder engagement plans and their effectiveness.
• Use expert judgement to decide upon the level of engagement required at each stage of the
project from each stakeholder.
• Hold meetings with experts and the project team to define the required engagement levels of all
stakeholders.
• Use analytical techniques to classify the level of engagement for stakeholders.
• Document the stakeholder engagement plan.

Guidelines to Continually Assess the Effectiveness of Management of Project Artifacts

To continually assess the effectiveness of management of project artifacts, follow these guidelines:

• Use an appropriate degree of configuration management for your project.

• Follow any organizational procedures regarding project management documentation.
• Develop an archive management system that is of appropriate size and complexity for your
project. Pay particular attention to these issues:
I. Types of documents needed and their purpose.
II. Templates to facilitate document creation.
III. Authors, reviewers, and approvers of documents.
• Implement version control of documents, so you will be able to reconstruct changes and revert
to an earlier version if necessary.
Guidelines to Manage Project Changes

Managing changes to performance baselines ensures that the original project scope and the integrity of
performance baselines are maintained. Ensuring that changes are agreed upon and continuously
managing changes as they occur minimizes the impact changes may have on project time, cost, and
quality concerns. To effectively perform integrated change control, follow these guidelines:

• Make sure your change control system is cost-effective. It should not cost more money to
implement than it saves through controlling.
• Establish or make use of an existing CCB composed of project stakeholders to evaluate change
requests.
I. What is the magnitude of the change when compared to the plan?
II. What is the impact of the change on project schedule, cost, and quality objectives?
III. What are the potential risks and benefits of the change?
• Document the effect the changes have on the applicable project baselines.
• Obtain approval from the appropriate parties for all change requests before implementing the
change.
• Use configuration management to document and control changes to original product
characteristics.
• Coordinate changes across knowledge areas as appropriate. For example, does a proposed
schedule change affect cost, risk, quality, and/or staffing?
• Use performance reports to measure project performance and assess whether planned
variances require corrective action. Make sure performance reports are timely and accurate to
increase the effectiveness of control decisions.
• Identify corrective actions necessary to bring expected performance in line with the project
plan.
I. Determine the source and severity of the problem.
II. Review the project plan and objectives.
III. Consider factors inside and outside the project that may influence corrective action
decisions.
IV. Identify alternative options available.
V. Choose from among the alternatives by evaluating the impact of each alternative on
cost, schedule, quality, and risk.
 • Update the project plan to reflect changes made that affect performance baselines.
• Document the lessons learned, including:
I. Causes of variances
II. Project baselines affected by the changes
III. Rationale behind the recommended decision-making process and corrective action
IV. Any other lessons learned during change control

Guidelines to Resolving Issues

• To resolve issues, follow these guidelines:

• Use your organization’s Issue Log template, or in the absence of one, create an Issue Log.
• Train the project team members to promptly report potential issues to the project manager,
who will determine if they belong in the Issue Log.
• Enter the issue into the Issue Log, and assign an owner and a due date.
• Monitor progress, and discuss each open issue at every project status meeting.
• Develop a response (also know as a workaround) to the issue.
• Assess the impact of the response.
• Approve the response.
• Close the issue.

Guidelines to Maintain Team and Knowledge Transfer

• To effectively maintain the transfer of project knowledge, follow these guidelines:

• If your organization has a Project Management Office, follow its guidelines on documenting new
knowledge.
• Be alert to new sources of project knowledge, and follow the communications management
plan to convey that knowledge to stakeholders.
• Proactively seek new knowledge.
• Compile a lessons-learned register throughout the project’s lifecycle, and add it to a lessons-
learned repository with registers from other projects.